CVE-2024-41878 MEDIUM

CVE-2024-41878: Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Vendor Adobe
Product Adobe Experience Manager
Weakness CWE-79 · XSS
Published August 23, 2024
Last update October 7, 2024

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link.

Key dates

02Disclosure timeline

August 23, 2024 CVE published
October 7, 2024 Record updated